Hi Hugo,
Thanks for your comments.
Just to clarify the difference between SPAKE2 and J-PAKE - The proof of SPAKE2
depends on the assumption of a trusted setup: the discrete logarithm between
the two group generators must be unknown by anyone. If a powerful adversary (3
letter agency) gathers s
the equality holds).
Cheers,
Feng
On 27/03/2019, 20:08, "Watson Ladd" wrote:
>On Wed, Mar 27, 2019 at 7:56 PM Feng Hao wrote:
>>
>> Hi Hugo,
>>
>>
>>
>> Thanks for your comments.
>>
>>
>> Just to clarify the difference between
Hi Dan,
On your first comment, Yes, J-PAKE requires one more flow, but for the
following benefits
* Unlike EKE and SRP, it has the flexibility to work in any prime-order
subgroup over a finite field (e.g., DSA-like groups).
* Unlike SPAKE2, it doesn't require setting up two generators whose
